Title of Presentation
-
Upload
cameroon45 -
Category
Technology
-
view
771 -
download
3
Transcript of Title of Presentation
Agenda day 2
Day 1 wrap up and moreIt’s all about the XBOXManagement Packs for DummiesManagement Packs, a closer look
So far
Overview of SCOM functionInstallationBut… what about availability
Microsoft Confidential
Side by Side MigrationSame Hardware Approach
20052005
20052005
20072007
20072007
20052005
Management Group 1 - 2005Management Group 1 - 2005
Management Group 2 –2007Management Group 2 –2007
20072007
Microsoft Confidential
Side by Side MigrationNew Hardware Approach
20052005
20052005
20072007
20072007
20052005
Management Group 1 - Management Group 1 - 20052005
Management Group 2 - Management Group 2 - 20072007
20072007
5
High Availability Consideration
6
High Availability Consideration
7
Deployment Security Considerations
Account Name Asked During Used For Low Maintenance High Security
Management Server Action Account
Management Server Setup
Collect Data from provider and run responses
Local SystemLow Privilege Domain Account
SDK and Config Service Account
Management Server Setup
Write to the Ops Database and run services
Local System Domain Account
Administrator Account
Discovery\Push Agent Install
Installing AgentsDomain or Local Administrator Account
Domain Account or Local Administrator Account
Agent Action Account
Discovery\Push Agent Install
Gather information and run responses on the managed computers
Local SystemLow Privilege Domain Account
Data Warehouse Write Account
Reporting Server Setup
Write to the Data Warehouse
Low Privilege Domain Account
Low Privilege Domain Account
Data Reader Account
Reporting Server Setup
Query SQL Reporting Services
Low Privilege Domain Account
Low Privilege Domain Account
Point A Direction Point B Port Protocol Configurable
DB Root MS OLEDB 1433 TCP Yes (Setup)
DB MS OLEDB 1433 TCP Yes (Setup)
Root MS MS 5723 TCP No
Root MS Gateway Server 5723 TCP Yes (Setup)
Root MS Data Warehouse OLEDB 1433 TCP No
Root MS Reporting Server 5724 TCP No
Root MS Operations Console 5723 TCP No
Root MSConnector Framework Source
51905 TCPNo
Root MS Web Console Server 5724 TCP No
Root MS (Top-Tier) Root MS (Mid-Tier) 5724 TCP No
Root MS, MS, Gateway Server Agent 5723 TCP Yes (Setup)
MS Gateway Server 5723 TCP Yes (Setup)
MS ACS Collector Agent (ACS Forwarder) 59109 TCP Yes (Reg Key)
MS AEM File Share AEM Data from client 51906, 445 TCP Yes (AEM Wizard)
MS SQM End Point SQM Data from client 51907 TCP Yes (AEM Wizard)
Gateway Server Gateway Server 5723 TCP Yes (Setup)
Operations Console (Reports) SQL Reporting Services 80 TCP No
Data Warehouse Reporting Server OLEDB 1433 TCP No
ACS Database MS ACS Collector OLEDB 1433 TCP No
Web Console Server Web Console Browser 51908, 443 TCPYes (Web Config
File)
Deployment Firewall/Security Considerations
Management Packs for Dummies
What is a Management PackWhat is out thereNow what?
What is a Management pack?
Very flexible and powerful way to extend OpsMgrTypical types of data that can be consumed
Event logs, performance counters, log filesSNMP data and traps, SyslogSomething that can be accessed through a scriptWS-man – WindowsRM (OpsMgr sp1)
XML document with knowledge about an applicationThe structure of the applicationHow to discover the applicationHow to monitor the applicationWhat to do when the application breaks
Sealed Management PacksSealed Management Packs
Read-onlyDigitally signed by vendorBenefits
Simplifies upgrading to a new versionEasy to roll back to original versionSimplifies troubleshooting for the vendor
Sealed Management Packs
Why Sealed MPs? IDVersionSigned by Certificate
ComposabilityMust use the full identityVersion indicates lowest version usableOnly sealed MPs can be referenced
Microsoft Management Packs
38 Management Packs Currently Published
18 more before December
~20 Windows Server 2008 MPs
5 more Native MPs being developedBiztalk R2Cluster2003 DNS2003 DHCPISA 2006
Windows Server 2008 MPs
All Windows Server 2008 Roles
Common library will be updated for down-level MPs
ADWINS DNS DHCP
There will be beta releases
Released MPs for Operations Mgr 2007Exchange Server 2003/2007
Windows Server 2000/2003 ADInformation WorkerMS Server 2000/03 OSMS Client 2000 XP OSWindows Server IIS 2000/2003SharePoint Portal Server 2003Windows SharePoint Services 2003Windows Server 2000/2003 Terminal ServicesSQL Server 2000/2005Windows Vista ClientWindows Update Services 3.0Dynamics CRM 3.0SMS 2003Office SharePoint Server 2007Windows SharePoint Services 3.0Windows DHCP Server 2003/2000Windows File Replication Service 2003/2000
Windows Group Policy 2003Windows Print Server 2003Biztalk Server 2006 Forefront for ExchangeForefront for SharepointWindows Network Load BalancingIdentity Integration Server 2003 Office Project Server 2007Windows DNS Server 2003/2000Windows Distributed File Systems 2003Windows Routing and Remote Access Service 2003Windows Distributed Transaction Coordinator 2000/2003Computer Cluster Server 2003Windows AD Federation Services 2003Windows Internet Naming Service 2000/2003ISA Server 2004/2006 Office Live Communications Server 2005
15
MP Roadmap for Operations Mgr 2007
Released H1 CY‘08
Exchange Server 2003Windows Server 2000/2003 AD Information WorkerMS Server 2000/03 OSMS Client 2000 XP OSWindows Server IIS 2000/03SharePoint Portal Server 2003Windows SharePoint Services 2003Windows Server 2000/03 Terminal
ServicesSQL Server 2000/05Windows Vista ClientWindows Update Services 3.0Dynamics CRM 3.0SMS 2003Office SharePoint Server 2007Windows SharePoint Services 3.0Windows DHCP Server 2003/2000Windows File Replication Service
2003/2000Windows Group Policy 2003Windows Print Server 2003Biztalk Server 2006 Forefront for ExchangeForefront for SharepointWindows Network Load Balancing Identity Integration Server 2003 Office Project Server 2007Windows DNS Server 2003/2000Windows Distributed File Systems 2003Windows Routing and Remote Access
Service 2003Windows Distributed Transaction
Coordinator 2000/2003Computer Cluster Server 2003Windows AD Federation Services 2003Windows Internet Naming Service
2000/2003 ISA Server 2004/2006 Office Live Communications Server 2005
Configuration Manager 2007 System Center Virtual Machine
Manager 2007 and Virtual Server 2005 Windows Server Clusters 2000/03 Exchange 2007 Windows Rights Management Services
2003Office SharePoint Server 2007 Windows SharePoint Services 3.0/LH Office Project Server 2007 System Center Data Protection
Manager 2006 Commerce Server 2007 Host Integration Server 2006 Windows Password Change Notification
Service 2003 Antigen 9.0 MOM Pack Windows Server Automated
Deployment Services 2003 Windows Server Performance Advisor
2003 Windows System Resource Manager
2003 Communicator Web Access 2005 Windows Key Management Services
2003 Office Communications Server 2007
Windows Server 2008 Windows Server 2008 AD Additional MPs (work in progress)
This information represents Microsoft Corporation's current view of its product development cycle. It was accurate at the time of publication. None of the information in this timetable should be interpreted as a commitment on the part of Microsoft Corporation.
Q4 CY’07
Localization Localization
• DHCP Server Service 2000/2003
• Print Server 2003
• DNS Server Service 200/2003
• Office Live Communications Server 2005 SP1
•System Center Data Protection Manager 2006
•Exchange Server 2003• SQL Server 2000/2005• Internet Information Services 2000/2003• Server 2000/2003 Operating System• XP Operating System• Information Worker• SharePoint Service 2.0 • SharePoint Portal Server 2003• Terminal Services 2000/2003• Vista Client Monitoring• Operations Manager 2007• Virtual Server 2005/Virtual Machine Manager 2007•Configuration Manager 2007• System Update Services 3.0• File Replication Service 2000/2003• SharePoint Service 3.0• Systems Management Server 2003•Forefront Security for Exchange 10.0•Forefront Security for SharePoint 10.0• Office Project Server 2007• DFS Service 2003• Compute Cluster Server 2003
• Streaming Media Services 2008• Server Clusters 2000/2003• UDDI/Web Service Directory 2008• Print Services 2008•Update Services Agent 2008• Cluster Services 2008• DHCP Services 2008• DNS Services 2008• Group Policy Services 2008• Commerce Server 2007• Communicator Web Access 2005
• Network Policy Services 2008• Terminal Services 2008• Server Core OS 2008• Web Services (IIS) 2008• AD Lightweight Directory Services 2008• AD Certificate Services 2008• Virtual Server Services 2008• Network Load Balancing 2008• Deployment Services 2008• Application Services 2008
Tools for Dealing with Sealed MP’s
MPViewer
Command Shell
Override Explorer
Partner Tools (like MPStudio 2007 – Silect Software)
Product Team Blogs: http://blogs.msdn.com/boris_yanushpolsky/http://blogs.msdn.com/jakuboleksy/http://blogs.technet.com/momteam/
Management Packs, a closer look
How to use Management PacksDiscoveriesHealth monitoringState monitoringMonitors
Management Pack contents
Attributes – to Discover if a role excistsDiscoveries – to lookup objects in a roleGroupsMonitors – to monitor objects and provide data in a service based model, and raise alerts if neededRules – monitor objects in a stand-alone model, and raise alerts if neededViews – look at that data almost realtimeTasks – diagnostic or to resolveKnowledge – knowhow of the dataReports – analyses and overview
Microsoft Confidential
Installing an AgentImporting a management packChanging a ruleA rule firing or a monitor changing stateExecuting a task
Management Pack Management
Override Best Practices
Store override in separate MPs
Do not use the “Disable” command in the override menu
Make sure that the parameter is overridden in all the rules and monitors.
Configure overrides for groups instead of specific instances
Object Discoveries
Objects and relationships are discovered:Objects and relationships are discovered:RegistryRegistry
WMIWMI
ScriptScript
OLEDBOLEDB
LDAPLDAP
Custom code (Managed)Custom code (Managed)
23
Discovered Objects
24
Discovered Relationships
stwilson15d\Instance1stwilson15d\Instance1
mastermaster
modelmodel
OperationsManagerOperationsManager
tempdbtempdb
test1test1
test2test2
stwilson15d.smx.netstwilson15d.smx.net
25
Health Modeling
Every class has a health modelCollection of monitorsArranged in a tree structureAs deep or as shallow as requiredRepresents the current state of the objectUse the health explorer to view
26
State Monitoring
Operations Manager 2005Watch for a conditionRaise an alertCreate a state change from the alert
Operations Manager 2007Watch for a conditionChange stateRoll up state as requiredOptionally generate an alert / notification
27
MonitorsA monitor is a state machineA monitor is in one state at any timeMonitors some aspect of an applicationHas a finite number of operational states (maximum of 3 in this release)Each operational state maps to a health stateDefines alerting conditions (optional)
SCOM 2007 uses Service Based Monitoring instead of Server Based Monitoring like MOM 2005 !!!!!
28
Aggregate Rollup Monitors
Use to show service dependencies
Exchange Server depends on DNS, Active Directory etc. if dns fails, an aggregate rollup monitor show exchange in a warning or critical state, even if these services do not reside on just one server. The computer holding the Exchange Server Role is not affected.
Dependency Rollup Monitor
Used to make the Windows Server running Exchange Role show as in same state as Aggregate Rollup if needed.
Unit Monitor
Monitor discrete events or servicesReactive, but very helpfullTest using EventCreate.exe
Eventcreate
/L <LogName> ie Application, Security, …/T <Type> ie Warning, Error, Warning, Information/SO <Source>/ID <EventID> 1-1000/D <Description>
Unit Monitors
Simple Windows Event Unit MonitorLook for one Event to occur
Correlated Windows Event Unit MonitorLook for related Events to occur in certain order
Windows Services Unit MonitorChecks if service is running, if not… RedHot
SNMP Probe-Based Unit MonitorSends SNMP traps to determine a state
Monitors (State monitoring)
Object
SecurityHealth
ConfigurationHealth
OverallHealth
AvailabilityHealth
PerformanceHealth
ServiceCheck
ProcessUtilization
SQL 2005DB Engine
Unit Monitors
Aggregate Monitors
33
Health Model
Entity
Logical Entity
Local Application
Windows Computer Role
SQL Server
34
Health Model – Roll up
SQL Server
35
Monitor Types – Data Sources
EventPerformanceWMILog fileSNMP TrapWS-Man
ScriptOLEDBLDAPSyslogCrimsonAnd more…
36
Monitor Types - Workflows
Event based:Simple eventsCorrelationConsolidationMissingAnd more…
Performance based:Average
DeltaConsecutive samples
Self tuning
And more…
Pick the type to suit your needsCompose a new workflow if required
37
Dependency MonitorsSQL 2005 DB EngineSQL 2005 DB Engine
SQL 2005 DBSQL 2005 DB
HostingHostingDependency Monitor
38
Dependency MonitorsSQL 2005 DB EngineSQL 2005 DB Engine
SQL 2005 DBSQL 2005 DB
HostingHosting
39
Threshold Monitors (perfmon)
Static Threshold MonitorTriggers Alert at certain level
Self-Tuning Threshold MonitorAllows for tuning values
Self-Tuning Thresholds
OpsMgr agent learns the behavior of a counterRecorded behavior is used to generate alerts at the right timeLearning can be continuous
Optimized Performance Collection
Significantly reduces the amount of data stored in the databaseCan be configured on a per-counter basisTolerance can be configured using an absolute or percentage value
Absolute or Percentage
Absolute works well for counters with values in a limited range
Example: Processor Utilization can range between 0 and 100
Percentage works well for counters with values in an unknown range
Example: TCP Connections
Create one of your own
Approach to building a MPTargeting
Approach to building a MP
Gather the requirements
Find the knowledgeIn the heads of customers, support staff, operators
Application Developers and IT Professionals
Build it
Deploy it in a real work environment and refine
Discipline to the process
Common questions?How long will it take?
Can we get it listed in the Microsoft catalog?
Building a Management Pack
Operations ConsoleAuthoring ConsoleXML Editor
Management Pack Building Blocks
TypesTypes
RulesRules
MonitorsMonitors
TasksTasks
ViewsViews
OverridesOverrides
ReportsReports
OtherOther
Targeting
Microsoft Operations Manager (MOM) 2005Create a computer groupCreate a rule groupAdd rules to rule groupAssociate rule group with computer group
Operations Manager (OpsMgr) 2007Create a typeCreate the discovery for that typeCreate a rule or monitor targeted to that type
Microsoft Confidential
Targeting All Managed ComputersExample:You want to monitor failed logon attempts on Windows
Computers
GOODUse Windows Operating System to target all Windows managed nodes (desktop and servers)Use Windows Server Operating System to target all Windows server managed nodes (all versions)Use Windows Server 2003 Operating System to target all Windows Server 2003 managed nodes
BADDon’t use Agent:
The monitor will not work for agent-less managed computers.The monitor will affect the health state of the Agent which is not what you want.
Don’t use Computer:Management packs for non windows management are likely to use computer as the base type for types such as Unix computer. The monitor that you just created will not work against non windows computers.The monitor will execute against all windows computers. Both clients and servers that are managed by OpsMgr.
Don’t use Windows Computer:The monitor will execute against all windows computers. Both clients and servers that are managed by OpsMgr.
Microsoft Confidential
Operating System ModelOperating SystemOperating System
Windows Operating Windows Operating SystemSystem
Windows Server Windows Server Operating SystemOperating System
Windows Client Windows Client Operating SystemOperating System
Windows Windows Server 2000 Server 2000
Operating Operating SystemSystem
Windows Windows Server 2003 Server 2003
Operating Operating SystemSystem
Windows XP Windows XP Operating Operating
SystemSystem
Windows Vista Windows Vista Operating Operating
SystemSystem
Other Operating Other Operating SystemSystem
Inheritance
Microsoft Confidential
Targeting A Server RoleExample:You want to monitor file cache hits on Web Servers
GOODUse IIS Server Role 2003 to target all IIS 2003 Web Servers. Use IIS Server Role to target all IIS Web Servers. Currently this would apply to Windows 2000 and 2003 IIS servers. With the release of Windows Server 2008 MP, this would also apply to Windows Server 2003 IIS Web Servers.
BADDon’t use Windows Server 2003 Operating System
The monitor will apply to all Windows 2003 Operating Systems regardless of whether IIS is installed or not.
Don’t use Windows ServerThe monitor will apply to all Windows Servers regardless of whether IIS is installed or not.
Don’t use Windows ComputerThe monitor will apply to all Windows computers (both desktops and servers) regardless of whether IIS is installed or not .
Don’t use ComputerIf management packs for other operating systems are installed, the monitor will apply to non windows computers as well. However the monitor will not function correctly.
Microsoft Confidential
Computer Role ModelComputer RoleComputer Role
Windows Computer Windows Computer RoleRole
IIS Server RoleIIS Server Role SQL RoleSQL Role
IIS 2000 IIS 2000 Server RoleServer Role
IIS 2003 IIS 2003 Server RoleServer Role SQL DB EngineSQL DB Engine SQL Reporting SQL Reporting
ServicesServices
Other OS Computer Other OS Computer RoleRole
Inheritance
Microsoft Confidential
Targeting Some Managed ComputersExample:You want to monitor failed logon attempts on Windows
Computers in RedmondGOOD
Use Windows Operating System to target all Windows managed nodes (desktop and servers)Use Windows Server Operating System to target all Windows server managed nodes (all versions)Use Windows Server 2003 Operating System to target all Windows Server 2003 managed nodesOnce you have picked the right type for the situation, create a disabled monitor. Add all Redmond computers to a group. Create an override to enable the monitor for the group.
BADDon’t use Agent:
The monitor will not work for agent-less managed computers.The monitor will affect the health state of the Agent which is not what you want.
Don’t use Computer:Management packs for non windows management are likely to use computer as the base type for types such as Unix computer. The monitor that you just created will not work against non windows computers.The monitor will execute against all windows computers. Both clients and servers that are managed by OpsMgr.
Don’t use Windows Computer:The monitor will execute against all windows computers. Both clients and servers that are managed by OpsMgr. Failed logons is actually an attribute of the operating system rather than the computer.
Ways to get data into OpsMgr
Management pack consuming or creating the data (this is the better integrated method)
OpsMgr existing data source modulesWrite to event log, build a perf counter
Scripts executed within a MPCall a script on a timed interval and insert data back in for evaluation
Creating a inserting “connector” through SDK apisManage discoveryInsert events, performance data associated to instancesUse monitors to create alerts and change state
Report TypesNew generic reportsLinked (specialized) reports
Supporting database objects (views, functions, stored procedures)New storage structures (tables) and collection for new data types
Reports
What is a quality MP?
• Leverages the full capabilities of Operations Manager 2007• Uses the OpsMgr agent on Windows platforms• Defines and discovers the model including relationships• Provides tasks to configure target applications/components
to be managed• Provides component specific Health Models,
troubleshooting knowledge, tasks and specific reports• Provides synthetic transactions for user facing components• Provides component problem specific resolution tasks• Is globalized and localized in the same languages as
Operations Manager• Provides configuration and deployment guidance
documentation